MPU Meeting Wednesday 22nd April 2020
Profile Security
Nothing happened.
DICE Ubuntu Platform
Stephen has been working on adding support for Ubuntu to the
pkglist-tools scripts. In particular, the build_package_lists script
can now generate updates package list file for Ubuntu. The Ubuntu
repository has 4 components -
main,
universe,
multiverse and
restricted. There are also 4 types of updates -
security,
updates,
proposed and
backports. The new script can be
configured to generate updates lists for any combination of components
and types of updates. The plan is that by default we will generate a
list of
security and
updates packages for all 4 components. When
we need packages from
proposed or
backports they would be manually
added to the usual override packages file.
Generating the updates lists provided lots of useful test cases for
the new LCFG package specification support in the LCFG core
libraries. A few minor issues have been discovered and resolved.
Stephen is now working on the
aptly
package repository management software. This is to replace the
previous reprepro software which cannot cope with multiple versions of
a package in a repository. He has created an LCFG component, firstly
he is working on support for mirroring remote/upstream repositories,
once that is done he will move onto local repository management.
Alastair has been investigating the
netplan
tool. He has got bonding working with dhcp. He is now working on PXE
installs on his home network and is planning to start looking at the
LCFG preseed support.
Stephen is going to write a project plan, based on the trello board,
and produce milestones. He suggested that Alastair could help with a
basic postfix mail server config, and the graphical environment
(e.g. lightdm, xscreensaver).
User Security Training Materials
Alastair and Chris had a meeting to discuss the project and Chris is
now finalising the fine details of what will be covered. Chris has
gathered more useful responses from COs for his
ThoughtsOn403, he is
working on revised milestones for the project plan.
Misc Development
Not much happened.
Operational
- XRDP servers
- It seems that mate-screensaver sometimes causes problems by taking a long time for the login box to appear. We originally chose mate-screensaver for this service so that users could configure it differently from their normal desktop environment which uses xscreensaver. That's no longer really a requirement so we could switch everyone to using xscreensaver for XRDP. We already do this for XRDP to user's desktops and it works just fine.
- KVM server reboots
- Chris has rebooted clavichord, harpsichord and azul to upgrade their kernels. Note that they still appear in the server reboot list as they require firmware upgrades.
- KVM guests at KB
- MPUclavichordDetails and MPUharpsichordDetails now mention which VMs would be sacrificial in a crisis. This would allow us to quickly make space for important DR services. Also a number of VMs which were no longer required were removed.
- kernel reboots
- Stephen will send out another reminder to COs about machine running old kernels.
- dsu crashing
- Dell have updated one of the packages which are installed by dsu with yum. This appears to have fixed the issue with dsu crashing on some hardware.
- SL7.8
- This has now been released and the deluge of backported security updates for 7.6 has begun. Stephen will hold back all the updates through the usual testupdates mechanism so that there is an extended testing period before they reach stable machines.
- LCFG DR at KB
- Chris will bring up an LCFG slave as a VM at KB and make it use the LCFG DR server, salamanca, as the data source. If that all works fine then we can think about promoting salamanca to be the LCFG master.
- MPU server resilience
- Notes are at MPUServersResilience. Stephen suggested keeping the packages master in the Forum. If we lose that server we can easily switch the package cache servers over to using the static copy on the DR service. The critical issue is keeping the LCFG service alive which should be mostly reliant on the LCFG master.
--
StephenQuinney - 23 Apr 2020